Google Links Redirected

December 26, 2009 at 17:39:15
Specs: Windows 7
I am having the same issue of Google links being redirected to ad links; I have tried a few things but nothing seems to be working. Please help!!




#1
December 26, 2009 at 18:05:58
Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch the program.
2. (Vista users only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized). Both logs will be located at C:\RSIT.exe.



#2
December 26, 2009 at 18:12:35
I am getting an error:

Line -1:
Error: variable used without being declared.

Note: I am using Windows 7.



#3
December 26, 2009 at 18:31:54

Try this scanner. Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

* Save both reports to your desktop
* Please include the following logs in your next reply: DDS.txt and Attach.txt




#4
December 26, 2009 at 18:45:55
DDS.txt


DDS (Ver_09-12-01.01) - NTFSx86
Run by Shilpita at 20:43:42.60 on Sat 12/26/2009
Internet Explorer: 8.0.7100.0 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.1.1033.18.3003.1429 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\rundll32.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Windows\vVX1000.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Shilpita\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Shilpita\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Users\Shilpita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MPLY0XZ\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\4.0.266.0\npchrome_tab.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [googletalk] c:\users\shilpita\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Google Update] "c:\users\shilpita\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Cleanup] C:\cleanup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: avanade.com\connect
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: cf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\4.0.266.0\npchrome_tab.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - c:\program files\microsoft\outlook web access smime client\mimectl.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\shilpita\appdata\roaming\mozilla\firefox\profiles\6bw5qmam.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\shilpita\appdata\roaming\mozilla\firefox\profiles\6bw5qmam.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsharedview.dll
FF - plugin: c:\users\shilpita\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\shilpita\appdata\roaming\mozilla\firefox\profiles\6bw5qmam.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\shilpita\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-26 64288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-16 214664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-4-21 48128]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-17 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-10-28 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-10-28 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-10-28 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-28 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-28 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-28 40552]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-20 139776]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-6 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-4-21 229888]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-28 34248]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-10-29 30603640]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]

=============== Created Last 30 ================

2009-12-27 02:40:30 61440 ----a-w- c:\windows\system32\drivers\amum.sys
2009-12-27 01:48:03 2 --shatr- c:\windows\winstart.bat
2009-12-27 01:47:36 0 d-----w- c:\program files\UnHackMe
2009-12-27 00:37:28 0 d-sh--w- C:\$RECYCLE.BIN
2009-12-27 00:28:37 98816 ----a-w- c:\windows\sed.exe
2009-12-27 00:28:37 77312 ----a-w- c:\windows\MBR.exe
2009-12-27 00:28:37 261632 ----a-w- c:\windows\PEV.exe
2009-12-27 00:28:37 161792 ----a-w- c:\windows\SWREG.exe
2009-12-26 23:59:01 0 ----a-w- C:\backup.reg
2009-12-26 23:59:00 574 ----a-w- C:\cleanup.bat
2009-12-26 23:59:00 135168 ----a-w- C:\zip.exe
2009-12-26 23:24:08 0 d-----w- c:\users\shilpita\appdata\roaming\Malwarebytes
2009-12-26 23:24:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 23:24:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 23:24:02 0 d-----w- c:\programdata\Malwarebytes
2009-12-26 23:24:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-26 22:30:29 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-26 20:41:16 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-26 20:36:15 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-26 20:35:50 0 d-----w- c:\programdata\Lavasoft
2009-12-26 20:35:50 0 d-----w- c:\program files\Lavasoft
2009-12-26 20:13:51 0 d---a-w- c:\programdata\TEMP
2009-12-26 19:16:30 0 d-----w- c:\program files\Trend Micro
2009-12-23 03:11:28 0 d-----w- c:\program files\Microsoft SharedView
2009-12-23 02:55:27 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-23 02:52:01 0 d-----r- c:\program files\Skype
2009-12-23 02:51:57 0 d-----w- c:\programdata\Skype
2009-12-23 02:38:13 0 d-----w- c:\users\shilpita\appdata\roaming\WindSolutions
2009-12-23 02:38:13 0 d-----w- c:\programdata\WindSolutions
2009-12-12 06:16:47 132096 --sha-r- c:\windows\system32\WMVDECODF.dll
2009-12-12 01:19:24 0 d-----w- c:\program files\DivX
2009-12-12 01:19:24 0 d-----w- c:\program files\common files\DivX Shared
2009-12-05 14:50:20 166252 ------w- c:\windows\hpoins30.dat.temp

==================== Find3M ====================

2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-11 10:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-04-22 09:01:08 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-04-22 09:01:08 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-04-22 09:01:08 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-04-22 09:01:08 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-04-22 08:14:13 174 --sha-w- c:\program files\desktop.ini
2009-04-22 04:38:41 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-04-22 04:38:41 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-04-22 04:38:39 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-04-22 04:38:39 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-27 04:24:20 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-05-14 03:22:45 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-04-22 05:19:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe

============= FINISH: 20:44:35.95 ===============


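In the DDS log above, amum.sys appears in the "Created Last 30" section but no line in "SERVICES / DRIVERS" references it, and the helper's next reply goes straight to that file. The following Python is an added example, not part of the thread and not part of DDS: it parses an excerpt copied from the log and lists recently created .sys files under the drivers directory that no service entry points at. Section names, line formats and the drivers directory come from the log itself; the heuristic only produces candidates to hash and submit, and the Malwarebytes drivers (mbam.sys and mbamswissarmy.sys, created alongside the Malwarebytes' Anti-Malware folder in the same section) show why a hit here is not a verdict.

```python
"""Cross-check a DDS log's 'Created Last 30' list against its SERVICES / DRIVERS
section (added example, not part of the thread or of DDS itself)."""
import re

# Excerpt copied from the DDS.txt in post #4: four driver entries and a few of
# the recently created files. The full log pastes in unchanged.
DDS_EXCERPT = r"""
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-26 64288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-16 214664]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-28 79816]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-28 34248]

=============== Created Last 30 ================

2009-12-27 02:40:30 61440 ----a-w- c:\windows\system32\drivers\amum.sys
2009-12-27 00:28:37 77312 ----a-w- c:\windows\MBR.exe
2009-12-26 23:24:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 23:24:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 22:30:29 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-26 20:41:16 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-26 20:35:50 0 d-----w- c:\program files\Lavasoft

==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# "R0 Lbd;Lbd;c:\...\Lbd.sys [2009-12-26 64288]" -> state, name, display, path, date, size
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
# "2009-12-27 02:40:30 61440 ----a-w- c:\...\amum.sys" -> timestamp, size, attrs, path
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")

DRIVERS_DIR = r"c:\windows\system32\drivers"


def parse_dds(text):
    """Return the service/driver entries and the recently created files."""
    section, services, created = None, [], []
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1).strip().lower()
        elif section == "services / drivers" and (m := SERVICE_RE.match(line)):
            services.append({"state": m.group(1), "name": m.group(2), "display": m.group(3),
                             "path": m.group(4), "size": int(m.group(6))})
        elif section == "created last 30" and (m := CREATED_RE.match(line)):
            # DDS attribute strings start with 'd' for directories.
            created.append({"created": m.group(1), "size": int(m.group(2)),
                            "is_dir": m.group(3).startswith("d"), "path": m.group(4)})
    return {"services": services, "created": created}


def find_orphan_drivers(text, drivers_dir=DRIVERS_DIR):
    """Recently created .sys files in the drivers directory that no service entry points at.

    Legitimate drivers show up here too (DDS does not list every service state),
    so the result is a list of files to hash and scan, not a list of malware.
    """
    log = parse_dds(text)
    known = {s["path"].lower() for s in log["services"]}
    prefix = drivers_dir.lower().rstrip("\\") + "\\"
    return [
        f for f in log["created"]
        if not f["is_dir"]
        and f["path"].lower().startswith(prefix)
        and f["path"].lower().endswith(".sys")
        and f["path"].lower() not in known
    ]


if __name__ == "__main__":
    for f in find_orphan_drivers(DDS_EXCERPT):
        print(f"{f['created']}  {f['size']:>7}  {f['path']}")
```

Run against the full DDS.txt the same code applies; Lbd.sys drops out because its R0 entry exists, while amum.sys stays in the list with no service, no vendor name and a size that matches the file later submitted to VirusTotal.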

#5
December 26, 2009 at 18:46:24
Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/13/2009 10:14:35 PM
System Uptime: 12/26/2009 8:06:02 PM (0 hours ago)

Motherboard: Quanta | | 3627
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | CPU | 2000/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 48.592 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 1.657 GiB free.
E: is FIXED (NTFS) - 98 GiB total, 47.087 GiB free.
F: is FIXED (NTFS) - 90 GiB total, 77.295 GiB free.
G: is FIXED (NTFS) - 12 GiB total, 1.975 GiB free.
H: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description:
Device ID: ACPI\ENE0100\4&9D1EA7&0
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0100\4&9D1EA7&0
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

Class GUID:
Description:
Device ID: ACPI\HPQ0004\2&DABA3FF&1
Manufacturer:
Name:
PNP Device ID: ACPI\HPQ0004\2&DABA3FF&1
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Accenture CA Root Certificates
Accenture Office Communicator Contact Conversion Tool
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
Cisco MeetingPlace for Outlook
Cisco Systems VPN Client 5.0.04.0300
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Plus Web Player
DocProc
DocProcQFolder
Google Chrome
Google Chrome Frame
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
HijackThis 2.0.2
HP Imaging Device Functions 11.0
HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Product Detection
HP Smart Web Printing
HP Update
HPPhotoSmartPhotobookWebPack1
Image Resizer Powertoy Clone for Windows
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
J2SE Runtime Environment 5.0 Update 17
Java(TM) 6 Update 17
JMicron JMB38X Flash Media Controller Driver
LightScribe System Software
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft LifeCam
Microsoft Office Access MUI (English) 2010 (Beta)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Communicator 2007 R2
Microsoft Office Excel MUI (English) 2010 (Beta)
Microsoft Office Groove MUI (English) 2010 (Beta)
Microsoft Office InfoPath MUI (English) 2010 (Beta)
Microsoft Office OneNote MUI (English) 2010 (Beta)
Microsoft Office Outlook MUI (English) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2010 (Beta)
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2010 (Beta)
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Publisher MUI (English) 2010 (Beta)
Microsoft Office Shared MUI (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Word MUI (English) 2010 (Beta)
Microsoft Outlook Hotmail Connector 32-bit (Beta)
Microsoft Outlook Web Access S/MIME (2007)
Microsoft SharedView
Microsoft Silverlight
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5)
MSVCRT
Nero 9.0.9.4 Lite
Network
OCR Software by I.R.I.S. 11.0
ODIR
OPSWAT AntiVirus and Firewall Integration Libraries
PanoStandAlone
PS_AIO_04_C4580_ProductContext
PS_AIO_04_C4580_Software
PS_AIO_04_C4580_Software_Min
PSSWCORE
QuickTime
Realtek USB 2.0 Card Reader
Safari
Scan
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Skype web features
Skype™ 4.1
SmartWebPrinting
SopCast 3.2.4
Status
Toolbox
TrayApp
UnloadSupport
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
WinZip 11.2
WinZip Command Line Support Add-On 2.3
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

12/26/2009 8:07:56 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
12/26/2009 6:36:03 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/26/2009 2:50:14 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
12/26/2009 2:36:54 PM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/24/2009 7:15:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
12/23/2009 12:02:07 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Shilpita-PC\Shilpita SID (S-1-5-21-2665154931-3328447747-2728526527-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/22/2009 8:04:29 AM, Error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================



#6
December 26, 2009 at 19:09:25
If VirusTotal says this file has already been analyzed, click Re-analyze and run it through again.

Please go to Virus Total and upload the following file for analysis:

c:\windows\system32\drivers\amum.sys

Use the Browse button at the site to find the file; once you find the file, double click it and it should appear in the empty space to the left of the Browse button, then click "Send file".

Post the results in your reply.

Please download GooredFix and save it to your Desktop.

1. Double-click GooredFix.exe to run it.

2. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

Remember: your McAfee antivirus, Windows Defender, and Ad-Aware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "Enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouse-click Combo-Fix's window while it is running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#7
December 26, 2009 at 19:22:41
Virus Total Log -

Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.27 -
AhnLab-V3 5.0.0.2 2009.12.26 Win-Trojan/Avenger.61440
AntiVir 7.9.1.122 2009.12.26 -
Antiy-AVL 2.0.3.7 2009.12.25 Hoax/Win32.Agent.gen
Authentium 5.2.0.5 2009.12.26 -
Avast 4.8.1351.0 2009.12.27 -
AVG 8.5.0.430 2009.12.26 -
BitDefender 7.2 2009.12.27 -
CAT-QuickHeal 10.00 2009.12.26 Trojan.Agent.ATV
ClamAV 0.94.1 2009.12.26 -
Comodo 3381 2009.12.27 -
DrWeb 5.0.1.12222 2009.12.27 -
eSafe 7.0.17.0 2009.12.24 Win32.Banker
eTrust-Vet 35.1.7198 2009.12.25 -
F-Prot 4.5.1.85 2009.12.26 -
F-Secure 9.0.15370.0 2009.12.27 -
Fortinet 4.0.14.0 2009.12.27 -
GData 19 2009.12.26 -
Ikarus T3.1.1.79.0 2009.12.26 -
Jiangmin 13.0.900 2009.12.26 Hoax.Agent.f
K7AntiVirus 7.10.931 2009.12.26 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.12.27 -
McAfee 5843 2009.12.26 -
McAfee+Artemis 5843 2009.12.26 -
McAfee-GW-Edition 6.8.5 2009.12.27 -
Microsoft 1.5302 2009.12.26 -
NOD32 4717 2009.12.26 -
Norman 6.04.03 2009.12.26 W32/Agent.HHSF
nProtect 2009.1.8.0 2009.12.26 Trojan/W32.Agent.61440.JQ
Panda 10.0.2.2 2009.12.15 Rootkit/Agent.LNB
PCTools 7.0.3.5 2009.12.27 -
Prevx 3.0 2009.12.27 -
Rising 22.27.06.01 2009.12.27 -
Sophos 4.49.0 2009.12.27 -
Sunbelt 3.2.1858.2 2009.12.26 -
Symantec 1.4.4.12 2009.12.27 -
TheHacker 6.5.0.3.113 2009.12.26 -
TrendMicro 9.120.0.1004 2009.12.26 -
VBA32 3.12.12.0 2009.12.26 -
ViRobot 2009.12.26.2109 2009.12.26 Hoax..Agent.61440
VirusBuster 5.0.21.0 2009.12.26 -
Additional information
File size: 61440 bytes
MD5...: 589312a3b46721c5a751e4d5222a89be
SHA1..: 3a497d3968a4f6e3c648d196da38e5f98e75ec30
SHA256: 03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae
ssdeep: 768:UzNrXvTHr4DU6K5H5VLvDcLugwoMcq5+x7J1uQ9VP:QTG2VrOuN+lJpP

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xd394
timedatestamp.....: 0x476b398b (Fri Dec 21 03:56:59 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x400 0xd756 0xd780 5.52 e0dc8fff10e3a7c6343455cd02a67954
.rdata 0xdb80 0x10e 0x180 3.44 d2fd0bc28e070ccc67879e04b7cd5302
.data 0xdd00 0xc0 0x100 0.04 66a415a49d751cb335895306ecfb3389
INIT 0xde00 0x376 0x380 5.17 79cc3d62ef3ba8053786e08dc9b6cddc
.reloc 0xe180 0xe2c 0xe80 6.60 4f845320301140370066cbceee4c5e4c

( 1 imports )
> ntoskrnl.exe: ZwWriteFile, wcslen, RtlUpcaseUnicodeChar, ZwClose, ZwCreateFile, RtlInitUnicodeString, wcscat, wcscpy, _wcsicmp, ZwQueryValueKey, ZwOpenKey, ZwDeleteKey, swprintf, ZwEnumerateKey, ExFreePoolWithTag, DbgPrint, ExAllocatePoolWithTag, RtlPrefixUnicodeString, RtlDeleteRegistryValue, ZwSetValueKey, RtlWriteRegistryValue, ZwEnumerateValueKey, ZwOpenFile, ZwSetInformationFile, KeTickCount, ZwQueryInformationFile, KeBugCheck, MmGetSystemRoutineAddress, ZwFlushKey, PsTerminateSystemThread, KeSetPriorityThread, KeGetCurrentThread, RtlCheckRegistryKey, KeDelayExecutionThread, ZwReadFile, PsCreateSystemThread, PsGetVersion

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Clipper DOS Executable (33.3%)
Generic Win/DOS Executable (33.0%)
DOS Executable Generic (33.0%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



#8
December 26, 2009 at 19:23:15
GooredFix

GooredFix by jpshortstuff (06.12.09.1)
Log created at 21:24 on 26/12/2009 (Shilpita)
Firefox version 3.5 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:33 01/07/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [00:35 02/07/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [11:11 30/08/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [14:39 04/12/2009]

C:\Users\Shilpita\Application Data\Mozilla\Firefox\Profiles\6bw5qmam.default\extensions\
firefox@tvunetworks.com [04:16 17/11/2009]
{20a82645-c095-46ed-80e3-08825760534b} [04:00 01/07/2009]
{3112ca9c-de6d-4884-a869-9855de68056c} [16:41 26/12/2009]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [09:55 03/08/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:55 22/04/2009]
"{3112ca9c-de6d-4884-a869-9855de68056c}"="C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}" [01:32 14/07/2009]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2" [01:14 08/08/2009]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [02:57 29/10/2009]

-=E.O.F=-



#9
December 26, 2009 at 19:33:56
I am not able to paste the ComboFix log. I hit the submit button and it seems it's not working... Is there any other way I can send it to you?


#10
December 26, 2009 at 19:38:00
Try posting it in two or more segments; it may be too large for one post.


#11
December 26, 2009 at 19:41:08
ComboFix 09-12-26.01 - Shilpita 12/26/2009 18:29:22.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.1.1033.18.3003.1914 [GMT -6:00]
Running from: c:\users\Shilpita\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-27 00:35 . 2009-12-27 00:35 -------- d-----w- c:\users\VaibhaV\AppData\Local\temp
2009-12-27 00:35 . 2009-12-27 00:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-26 23:59 . 2009-12-26 23:59 0 ----a-w- C:\backup.reg
2009-12-26 23:59 . 2009-12-26 23:59 574 ----a-w- C:\cleanup.bat
2009-12-26 23:59 . 2009-12-26 23:59 135168 ----a-w- C:\zip.exe
2009-12-26 23:24 . 2009-12-26 23:24 -------- d-----w- c:\users\Shilpita\AppData\Roaming\Malwarebytes
2009-12-26 23:24 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 23:24 . 2009-12-26 23:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-26 23:24 . 2009-12-26 23:24 -------- d-----w- c:\programdata\Malwarebytes
2009-12-26 23:24 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 22:30 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-26 20:41 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-26 20:41 . 2009-12-26 20:41 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-26 20:41 . 2009-12-26 20:41 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-26 20:40 . 2009-12-26 20:41 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-26 20:40 . 2009-12-26 20:40 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-26 20:40 . 2009-12-26 20:40 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-26 20:40 . 2009-12-26 20:40 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-26 20:38 . 2009-12-26 20:38 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-26 20:38 . 2009-12-26 20:38 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-26 20:38 . 2009-12-26 20:38 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-26 20:38 . 2009-12-26 20:38 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-26 20:38 . 2009-12-26 20:38 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-26 20:38 . 2009-12-26 20:38 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-26 20:38 . 2009-12-26 20:38 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-26 20:36 . 2009-12-26 20:36 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-26 20:36 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-26 20:35 . 2009-12-26 20:41 -------- d-----w- c:\programdata\Lavasoft
2009-12-26 20:35 . 2009-12-26 20:35 -------- d-----w- c:\program files\Lavasoft
2009-12-26 20:23 . 2009-12-26 20:23 -------- d-----w- c:\users\Shilpita\AppData\Local\Threat Expert
2009-12-26 19:40 . 2009-12-26 19:40 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDEC1.tmp.exe
2009-12-26 19:40 . 2009-12-26 19:40 -------- d-----w- c:\users\VaibhaV\AppData\Local\Google
2009-12-26 19:39 . 2009-12-26 19:39 -------- d-----w- c:\users\VaibhaV\Tracing
2009-12-26 19:16 . 2009-12-26 19:16 -------- d-----w- c:\program files\Trend Micro
2009-12-26 16:41 . 2009-12-16 20:42 43008 ----a-w- c:\users\Shilpita\AppData\Roaming\Mozilla\Firefox\Profiles\6bw5qmam.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-26 16:41 . 2009-12-16 20:42 340480 ----a-w- c:\users\Shilpita\AppData\Roaming\Mozilla\Firefox\Profiles\6bw5qmam.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-26 16:41 . 2009-12-16 20:42 872960 ----a-w- c:\users\Shilpita\AppData\Roaming\Mozilla\Firefox\Profiles\6bw5qmam.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-26 16:41 . 2009-12-16 20:41 346624 ----a-w- c:\users\Shilpita\AppData\Roaming\Mozilla\Firefox\Profiles\6bw5qmam.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-23 03:11 . 2009-12-23 03:11 -------- d-----w- c:\program files\Microsoft SharedView
2009-12-23 02:55 . 2009-12-23 06:05 -------- d-----w- c:\users\Shilpita\AppData\Roaming\skypePM
2009-12-23 02:52 . 2009-12-27 00:15 -------- d-----w- c:\users\Shilpita\AppData\Roaming\Skype
2009-12-23 02:52 . 2009-12-23 02:52 -------- d-----w- c:\program files\Common Files\Skype
2009-12-23 02:52 . 2009-12-23 02:52 -------- d-----r- c:\program files\Skype
2009-12-23 02:51 . 2009-12-23 02:52 -------- d-----w- c:\programdata\Skype
2009-12-23 02:38 . 2009-12-26 18:57 -------- d-----w- c:\programdata\WindSolutions
2009-12-23 02:38 . 2009-12-23 02:40 -------- d-----w- c:\users\Shilpita\AppData\Roaming\WindSolutions
2009-12-12 06:16 . 2009-12-12 06:16 132096 --sha-r- c:\windows\system32\WMVDECODF.dll
2009-12-12 01:19 . 2009-12-12 01:19 -------- d-----w- c:\program files\DivX
2009-12-12 01:19 . 2009-12-12 01:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-04 16:03 . 2009-12-04 16:03 251376 ----a-w- c:\users\Shilpita\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 23:18 . 2009-06-27 19:47 -------- d-----w- c:\program files\Google
2009-12-24 04:01 . 2009-05-24 01:53 -------- d-----w- c:\programdata\Microsoft Help
2009-12-23 02:55 . 2009-12-23 02:55 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-18 11:34 . 2009-10-29 02:55 -------- d-----w- c:\program files\McAfee
2009-12-09 18:26 . 2009-08-23 15:01 -------- d-----w- c:\program files\Microsoft Office Communicator
2009-12-04 14:38 . 2009-06-28 18:10 -------- d-----w- c:\program files\Java
2009-12-02 03:40 . 2009-10-29 02:38 -------- d-----w- c:\programdata\McAfee
2009-11-26 02:37 . 2009-05-14 03:42 108824 ----a-w- c:\users\Shilpita\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-26 02:09 . 2009-04-22 08:55 -------- d-----w- c:\program files\MSBuild
2009-11-26 02:08 . 2009-11-26 02:08 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-11-26 02:07 . 2009-11-26 02:07 -------- d-----w- c:\program files\Microsoft.NET
2009-11-26 02:07 . 2009-11-26 02:07 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-26 02:07 . 2009-11-26 02:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-26 01:59 . 2009-11-26 01:59 -------- d-----w- c:\program files\Microsoft Analysis Services
2009-11-14 04:21 . 2009-11-14 04:21 10134 ----a-r- c:\users\Shilpita\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-11-14 01:55 . 2009-11-14 01:55 -------- d-----w- c:\users\Shilpita\AppData\Roaming\Nero
2009-11-14 01:55 . 2009-11-14 01:55 -------- d-----w- c:\programdata\LightScribe
2009-11-08 03:28 . 2009-11-08 03:28 -------- d-----w- c:\program files\SopCast
2009-11-03 02:42 . 2009-10-04 01:53 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 12:56 . 2009-05-14 03:28 -------- d-----w- c:\programdata\Avira
2009-10-29 02:58 . 2009-10-29 02:58 -------- d-----w- c:\programdata\SiteAdvisor
2009-10-29 02:56 . 2009-10-29 02:55 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-29 02:55 . 2009-10-29 02:55 -------- d-----w- c:\program files\McAfee.com
2009-10-28 03:47 . 2009-10-28 03:47 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2009-10-16 07:50 . 2009-10-16 07:50 2520888 ----a-w- c:\users\Shilpita\AppData\Roaming\Mozilla\Firefox\Profiles\6bw5qmam.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-10-11 10:17 . 2009-07-02 00:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 00:28 . 2009-10-10 00:28 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-03-27 04:24 . 2009-04-22 05:58 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-04-22 05:19 . 2009-04-22 03:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-04 03:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2009-04-22 05:21 441856 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-22 1174016]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-28 2387968]
"googletalk"="c:\users\Shilpita\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Google Update"="c:\users\Shilpita\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-12 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-03 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-03 143872]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2009-10-21 5073744]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"VX1000"="c:\windows\vVX1000.exe" [2009-07-24 762208]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-10-27 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

R0 amdxata;amdxata;c:\windows\System32\drivers\amdxata.sys [4/21/2009 8:07 PM 23120]
R0 CLFS;Common Log (CLFS);c:\windows\System32\clfs.sys [4/21/2009 9:08 PM 249424]
R0 CNG;CNG;c:\windows\System32\drivers\cng.sys [4/21/2009 9:31 PM 369056]
R0 FileInfo;File Information FS MiniFilter;c:\windows\System32\drivers\fileinfo.sys [4/21/2009 9:19 PM 58448]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\drivers\fvevol.sys [4/21/2009 9:10 PM 194488]
R0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [4/21/2009 9:08 PM 13904]
R0 KSecPkg;KSecPkg;c:\windows\System32\drivers\ksecpkg.sys [4/21/2009 9:32 PM 133200]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [12/26/2009 2:41 PM 64288]
R0 msahci;msahci;c:\windows\System32\drivers\msahci.sys [4/21/2009 9:44 PM 27728]
R0 msisadrv;msisadrv;c:\windows\System32\drivers\msisadrv.sys [4/21/2009 9:08 PM 13904]
R0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [4/21/2009 9:08 PM 42576]
R0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [4/21/2009 9:19 PM 173648]
R0 spldr;Security Processor Loader Driver;c:\windows\System32\drivers\spldr.sys [4/21/2009 6:36 PM 17488]
R0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\System32\drivers\vmstorfl.sys [4/22/2009 4:23 AM 40912]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\System32\drivers\vdrvroot.sys [4/21/2009 9:44 PM 32848]
R0 volmgr;Volume Manager Driver;c:\windows\System32\drivers\volmgr.sys [4/21/2009 9:08 PM 52304]
R0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [4/21/2009 9:09 PM 297040]
R1 blbdrive;blbdrive;c:\windows\System32\drivers\blbdrive.sys [4/21/2009 9:20 PM 35328]
R1 CSC;Offline Files Driver;c:\windows\System32\drivers\csc.sys [4/21/2009 9:12 PM 387584]
R1 DfsC;DFS Namespace Client Driver;c:\windows\System32\drivers\dfsc.sys [4/21/2009 9:11 PM 78336]
R1 discache;System Attribute Cache;c:\windows\System32\drivers\discache.sys [4/21/2009 9:21 PM 32768]
R1 nsiproxy;NSI proxy service driver.;c:\windows\System32\drivers\nsiproxy.sys [4/21/2009 9:09 PM 16896]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\System32\drivers\RDPENCDD.sys [4/21/2009 10:00 PM 6656]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\System32\drivers\RDPREFMP.sys [4/21/2009 10:00 PM 7168]
R1 tdx;NetIO Legacy TDI Support Driver;c:\windows\System32\drivers\tdx.sys [4/21/2009 9:09 PM 74240]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [4/21/2009 9:50 PM 48128]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\System32\drivers\wanarp.sys [4/21/2009 9:53 PM 63488]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\System32\drivers\wfplwf.sys [4/21/2009 9:52 PM 9728]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 9:16 PM 20992]
R2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [4/21/2009 9:16 PM 20992]
R2 CscService;Offline Files;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 9:16 PM 20992]
R2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [4/21/2009 9:16 PM 20992]
R2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [4/21/2009 9:16 PM 20992]
R2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe -k netsvcs [4/21/2009 9:16 PM 20992]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [4/21/2009 9:16 PM 20992]
R2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe -k NetSvcs [4/21/2009 9:16 PM 20992]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\System32\drivers\lltdio.sys [4/21/2009 9:51 PM 48128]
R2 luafv;UAC File Virtualization;c:\windows\System32\drivers\luafv.sys [4/21/2009 9:13 PM 86528]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/17/2009 10:08 AM 93320]
R2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [4/21/2009 9:16 PM 20992]
R2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe -k NetworkService [4/21/2009 9:16 PM 20992]
R2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe -k LocalService [4/21/2009 9:16 PM 20992]
R2 PEAUTH;PEAUTH;c:\windows\System32\drivers\PEAuth.sys [4/21/2009 9:33 PM 586752]
R2 Power;Power;c:\windows\system32\svchost.exe -k DcomLaunch [4/21/2009 9:16 PM 20992]
R2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe -k netsvcs [4/21/2009 9:16 PM 20992]
R2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe -k RPCSS [4/21/2009 9:16 PM 20992]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 9:16 PM 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\System32\drivers\tcpipreg.sys [4/21/2009 9:52 PM 34816]
R2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 9:16 PM 20992]
R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [4/21/2009 9:16 PM 20992]
R2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 9:16 PM 20992]
R3 Appinfo;Application Information;c:\windows\system32\svchost.exe -k netsvcs [4/21/2009 9:16 PM 20992]
R3 bowser;Browser Support Driver;c:\windows\System32\drivers\bowser.sys [4/21/2009 9:11 PM 69632]
R3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\System32\drivers\CompositeBus.sys [4/21/2009 9:43 PM 31232]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [4/21/2009 9:23 PM 720384]
R3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe -k LocalService [4/21/2009 9:16 PM 20992]
R3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 9:16 PM 20992]
R3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [4/21/2009 9:16 PM 20992]
R3 KeyIso;CNG Key Isolation;c:\windows\System32\lsass.exe [4/21/2009 9:09 PM 22528]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\System32\drivers\monitor.sys [4/21/2009 9:23 PM 23552]
R3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\System32\drivers\mpsdrv.sys [4/21/2009 9:51 PM 60416]
R3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\System32\drivers\mrxsmb10.sys [4/21/2009 9:11 PM 220672]
R3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\System32\drivers\mrxsmb20.sys [4/21/2009 9:11 PM 94720]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\System32\drivers\nwifi.sys [4/21/2009 9:50 PM 267264]
R3 netprofm;Network List Service;c:\windows\System32\svchost.exe -k LocalService [4/21/2009 9:16 PM 20992]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 9:16 PM 20992]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\System32\drivers\agilevpn.sys [4/21/2009 9:53 PM 49152]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\System32\drivers\rdpbus.sys [4/21/2009 10:01 PM 18432]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [3/20/2009 9:22 AM 139776]
R3 srv2;Server SMB 2.xxx Driver;c:\windows\System32\drivers\srv2.sys [10/13/2009 10:00 PM 306688]
R3 srvnet;srvnet;c:\windows\System32\drivers\srvnet.sys [4/21/2009 9:12 PM 113664]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\System32\drivers\tunnel.sys [4/21/2009 9:52 PM 108032]
R3 umbus;UMBus Enumerator Driver;c:\windows\System32\drivers\umbus.sys [4/21/2009 9:50 PM 39936]
R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [4/21/2009 9:50 PM 19968]
R3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe -k LocalService [4/21/2009 9:16 PM 20992]
R3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 9:16 PM 20992]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/6/2009 10:12 PM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 7:19 AM 1181328]
S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe -k netsvcs [4/21/2009 9:16 PM 20992]
S2 sppsvc;Software Protection;c:\windows\System32\sppsvc.exe [4/21/2009 10:44 PM 3179520]
S3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\System32\drivers\1394ohci.sys [4/21/2009 9:50 PM 162816]
S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\System32\drivers\acpipmi.sys [4/21/2009 9:13 PM 9728]
S3 adp94xx;adp94xx;c:\windows\System32\drivers\adp94xx.sys [3/20/2009 9:22 AM 422992]
S3 adpahci;adpahci;c:\windows\System32\drivers\adpahci.sys [4/21/2009 8:07 PM 297552]
S3 amdsata;amdsata;c:\windows\System32\drivers\amdsata.sys [3/20/2009 9:23 AM 77904]
S3 amdsbs;amdsbs;c:\windows\System32\drivers\amdsbs.sys [3/27/2009 10:45 PM 159312]
S3 AppID;AppID Driver;c:\windows\System32\drivers\appid.sys [4/21/2009 9:35 PM 50176]
S3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [4/21/2009 9:16 PM 20992]
S3 arcsas;arcsas;c:\windows\System32\drivers\arcsas.sys [4/21/2009 8:07 PM 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\System32\drivers\bxvbdx.sys [3/20/2009 9:22 AM 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [4/21/2009 8:01 PM 229888]
S3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe -k netsvcs [4/21/2009 9:16 PM 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\System32\drivers\BrFiltLo.sys [4/21/2009 10:55 PM 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\System32\drivers\BrFiltUp.sys [4/21/2009 10:56 PM 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\drivers\BrSerId.sys [4/21/2009 10:53 PM 272128]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\drivers\BrSerWdm.sys [4/21/2009 10:55 PM 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\drivers\BrUsbMdm.sys [4/21/2009 10:55 PM 12160]
S3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe -k netsvcs [4/21/2009 9:16 PM 20992]
S3 circlass;Consumer IR Devices;c:\windows\System32\drivers\circlass.sys [4/21/2009 9:49 PM 37888]
S3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe -k defragsvc [4/21/2009 9:16 PM 20992]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\System32\drivers\evbdx.sys [3/20/2009 9:22 AM 3100160]
S3 elxstor;elxstor;c:\windows\System32\drivers\elxstor.sys [3/20/2009 9:23 AM 453712]
S3 Filetrace;Filetrace;c:\windows\System32\drivers\filetrace.sys [4/21/2009 9:12 PM 28160]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [4/21/2009 9:16 PM 20992]
S3 FsDepends;File System Dependency Minifilter;c:\windows\System32\drivers\fsdepends.sys [4/21/2009 9:12 PM 45648]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\System32\drivers\hcw85cir.sys [4/21/2009 8:52 PM 26624]
S3 HpSAMD;HpSAMD;c:\windows\System32\drivers\HpSAMD.sys [4/21/2009 8:07 PM 67152]
S3 iaStorV;iaStorV;c:\windows\System32\drivers\iaStorV.sys [4/14/2009 8:30 PM 332368]
S3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 9:16 PM 20992]
S3 IPMIDRV;IPMIDRV;c:\windows\System32\drivers\IPMIDrv.sys [4/21/2009 9:28 PM 65536]
S3 iScsiPrt;iScsiPort Driver;c:\windows\System32\drivers\msiscsi.sys [4/21/2009 9:44 PM 186960]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [4/21/2009 9:16 PM 20992]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe -k LocalService [4/21/2009 9:16 PM 20992]
S3 LSI_FC;LSI_FC;c:\windows\System32\drivers\lsi_fc.sys [4/21/2009 8:07 PM 95824]
S3 LSI_SAS;LSI_SAS;c:\windows\System32\drivers\lsi_sas.sys [4/21/2009 8:07 PM 89168]
S3 LSI_SAS2;LSI_SAS2;c:\windows\System32\drivers\lsi_sas2.sys [4/21/2009 8:07 PM 54864]
S3 LSI_SCSI;LSI_SCSI;c:\windows\System32\drivers\lsi_scsi.sys [4/21/2009 8:07 PM 96848]
S3 megasas;megasas;c:\windows\System32\drivers\megasas.sys [3/20/2009 9:23 AM 30800]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [10/29/2009 10:22 AM 30603640]
S3 mpio;mpio;c:\windows\System32\drivers\mpio.sys [4/21/2009 9:44 PM 130640]
S3 msdsm;msdsm;c:\windows\System32\drivers\msdsm.sys [4/21/2009 9:44 PM 115792]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [4/21/2009 9:49 PM 4096]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe -k netsvcs [4/21/2009 9:16 PM 20992]
S3 MsRPC;MsRPC;c:\windows\System32\drivers\msrpc.sys [4/21/2009 9:09 PM 162896]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\System32\drivers\MTConfig.sys [4/21/2009 9:45 PM 12288]
S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\System32\drivers\ndiscap.sys [4/21/2009 9:51 PM 27136]
S3 nfrd960;nfrd960;c:\windows\System32\drivers\nfrd960.sys [4/21/2009 8:07 PM 44624]
S3 nvstor;nvstor;c:\windows\System32\drivers\nvstor.sys [4/14/2009 8:30 PM 142416]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
S3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe -k PeerDist [4/21/2009 9:16 PM 20992]
S3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [4/21/2009 9:16 PM 20992]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe -k LocalServicePeerNet [4/21/2009 9:16 PM 20992]
S3 ql2300;ql2300;c:\windows\System32\drivers\ql2300.sys [3/20/2009 9:23 AM 1383504]
S3 ql40xx;ql40xx;c:\windows\System32\drivers\ql40xx.sys [4/21/2009 8:07 PM 105552]
S3 s3cap;s3cap;c:\windows\System32\drivers\vms3cap.sys [4/22/2009 4:23 AM 5632]
S3 scfilter;Smart card PnP Class Filter Driver;c:\windows\System32\drivers\scfilter.sys [4/21/2009 9:32 PM 26624]
S3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe -k netsvcs [4/21/2009 9:16 PM 20992]
S3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe -k SDRSVC [4/21/2009 9:16 PM 20992]
S3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [4/21/2009 9:16 PM 20992]
S3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe -k netsvcs [4/21/2009 9:16 PM 20992]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\System32\drivers\sffp_mmc.sys [4/21/2009 9:44 PM 12288]
S3 SiSRaid4;SiSRaid4;c:\windows\System32\drivers\sisraid4.sys [4/21/2009 8:07 PM 77904]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\System32\drivers\smb.sys [4/21/2009 9:52 PM 71168]
S3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe -k LocalService [4/21/2009 9:16 PM 20992]
S3 stexstor;stexstor;c:\windows\System32\drivers\stexstor.sys [4/21/2009 8:07 PM 21072]
S3 storvsc;storvsc;c:\windows\System32\drivers\storvsc.sys [4/22/2009 4:23 AM 28240]
S3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 9:16 PM 20992]
S3 TBS;TPM Base Services;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [4/21/2009 9:16 PM 20992]
S3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe -k LocalService [4/21/2009 9:16 PM 20992]
S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [4/21/2009 9:20 PM 204800]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\System32\drivers\tssecsrv.sys [4/21/2009 10:00 PM 30208]
S3 UI0Detect;Interactive Services Detection;c:\windows\System32\UI0Detect.exe [4/21/2009 9:35 PM 35840]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\System32\drivers\ULIAGPKX.SYS [4/21/2009 9:23 PM 57424]
S3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 9:16 PM 20992]
S3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\System32\drivers\usbcir.sys [4/21/2009 9:49 PM 86016]
S3 VaultSvc;Credential Manager;c:\windows\System32\lsass.exe [4/21/2009 9:09 PM 22528]
S3 vhdmp;vhdmp;c:\windows\System32\drivers\vhdmp.sys [4/21/2009 9:44 PM 158288]
S3 ViaC7;VIA C7 Processor Driver;c:\windows\System32\drivers\viac7.sys [4/21/2009 9:08 PM 52736]
S3 vmbus;vmbus;c:\windows\System32\drivers\vmbus.sys [4/22/2009 4:23 AM 175824]
S3 VMBusHID;VMBusHID;c:\windows\System32\drivers\VMBusHID.sys [4/22/2009 4:23 AM 17920]
S3 vsmraid;vsmraid;c:\windows\System32\drivers\vsmraid.sys [3/20/2009 9:23 AM 141904]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\System32\drivers\wacompen.sys [4/21/2009 9:45 PM 21632]
S3 wbengine;Block Level Backup Engine Service;c:\windows\System32\wbengine.exe [4/21/2009 9:21 PM 1203200]
S3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe -k WbioSvcGroup [4/21/2009 9:16 PM 20992]
S3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [4/21/2009 9:16 PM 20992]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [4/21/2009 9:16 PM 20992]
S3 Wd;Wd;c:\windows\System32\drivers\wd.sys [4/21/2009 9:08 PM 19024]
S3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe -k NetworkService [4/21/2009 9:16 PM 20992]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe -k netsvcs [4/21/2009 9:16 PM 20992]
S3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe -k WerSvcGroup [4/21/2009 9:16 PM 20992]
S3 WIMMount;WIMMount;c:\windows\System32\drivers\wimmount.sys [4/21/2009 9:15 PM 19024]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe -k NetworkService [4/21/2009 9:16 PM 20992]
S3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [4/21/2009 9:16 PM 20992]
S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [4/21/2009 9:16 PM 20992]
S3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [4/21/2009 9:16 PM 20992]
S4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [4/21/2009 9:16 PM 20992]


#12
December 26, 2009 at 19:41:55
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS AppIDSvc FontCache fdrespub QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
secsvcs REG_MULTI_SZ WinDefend
AxInstSVGroup REG_MULTI_SZ AxInstSV
PeerDist REG_MULTI_SZ PeerDistSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
EapHost
wercplsupport
ProfSvc
hkmsvc
winmgmt
SessionEnv
schedule
browser
BDESVC
Themes
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-28 05:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
Trusted Zone: avanade.com\connect
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Shilpita\AppData\Roaming\Mozilla\Firefox\Profiles\6bw5qmam.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\Shilpita\AppData\Roaming\Mozilla\Firefox\Profiles\6bw5qmam.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsharedview.dll
FF - plugin: c:\users\Shilpita\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Shilpita\AppData\Roaming\Mozilla\Firefox\Profiles\6bw5qmam.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Shilpita\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 18:36
Windows 6.1.7100 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261
Initialization error

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5380)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
Completion time: 2009-12-26 18:37:56
ComboFix-quarantined-files.txt 2009-12-27 00:37

Pre-Run: 51,310,936,064 bytes free
Post-Run: 52,164,554,752 bytes free

- - End Of File - - 75EEECF92FB34DE9EFC68CE646E49544


#13
December 26, 2009 at 20:06:59
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\system32\drivers\amum.sys


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop); if ComboFix does not auto-start, click "Run".

Please post the log that is produced.


#14
December 26, 2009 at 20:18:00
I think it got resolved without doing the last step; I think running ComboFix fixed it. Thanks a lot for your help. But now I have a new issue: when I open a link from a Google search result it shows a page not found error (Internet Explorer cannot display the webpage), and if I refresh it again it works fine. It's happening every time I open a new link. Any idea?
Thanks again for all your help.


#15
December 26, 2009 at 20:50:18
I think we celebrated too soon; it came back again. I will do the scan and other steps again and will let you know the results… stay tuned!!
